Reconsider Use of Free Web-Based E-mail to Better Ensure HIPAA Security

We see a lot of medical facilities that use Web e-mail providers (Gmail, AOL, Yahoo, Hotmail, Comcast, etc.) to transmit EPHI (electronic protected health information) such as images, dictation, transcription, etc. While the HIPAA Security Rule doesn’t explicitly state that the use of those services is a HIPAA violation, if you dig into those providers’ terms of usage and privacy policies, it is clear that they do not meet either the spirit or the intent of HIPAA Security. In fact, any business that is concerned at all about the privacy of critical information should probably reconsider the use of these services.


The main issue with these services is that they are “free” or heavily discounted. But since all these companies are for-profit, one has to ask the question, “How do they stay in business if all these services are so cheap?” You need to dig deeper to understand the dynamics of their business model.

Virtually all of them make their money by collecting and selling information and content. And while they all explicitly state that they will not “sell” your private information to others, there are many other things that should cause you some concern. At a minimum, these services scan through the content of everything you do on their site — including e-mail — and use certain key words and phrases to serve up targeted ads to you. These nuances are contained in their terms of usage and privacy policies, some excerpts of which are quoted below from one of the major webmail providers (“We” in this context is the Web/e-mail service provider, which remains anonymous here, and “you” is you, the user. Highlights by the author.):

  • “We offer some of our services on or through other web sites. Personal information that you provide to those sites may be sent to [us] in order to deliver the service. … The affiliated sites … may have different privacy practices and we encourage you to read their privacy policies.”
  • “We provide such information to our subsidiaries, affiliated companies or other trusted businesses or persons for the purpose of processing personal information on our behalf. We require that these parties agree to process such information based on our instructions and in compliance with this Privacy Policy and any other appropriate confidentiality and security measures.”
  • “We may combine the information you submit under your account with information from other services or third parties in order to provide you with a better experience and to improve the quality of our services. For certain services, we may give you the opportunity to opt out of combining such information.”
  • “[We] maintain and process your [mail] account and its contents to provide the [mail] service to you and to improve our services. The [mail] service includes relevant advertising and related links based on the IP address, content of messages and other information related to your use of [mail service].”
  • “You may … delete your messages … or terminate your account… Residual copies of deleted messages and accounts may take up to 60 days to be deleted from our active servers and may remain in our offline backup systems.”

The terms highlighted above should cause any business person — and especially someone in healthcare — to have serious concerns about web-based e-mail.

The only HIPAA-secure e-mail, in our opinion, is one that you control yourself. There may be some online e-mail services that have different or better user/privacy policies than the ones listed above, but generally those are not free.

Marion Jenkins, PhD, is founder and CEO of QSE Technologies, which provides IT consulting services for ASCs and other medical facilities nationwide. Learn more about QSE Technologies at www.qsetech.com.
